7 matches found
PYSEC-2026-1967 TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
Description A critical path traversal vulnerability CWE-22 has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. Impact...
CVE-2026-7042
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
EUVD-2026-25719
A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function createapp of the file backend/app/init.py of the component REST API Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-5630 assafelovic gpt-researcher Report API app.py cross site scripting
A flaw has been found in assafelovic gpt-researcher up to 3.4.3. The impacted element is an unknown function of the file backend/server/app.py of the component Report API. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been...
GPT Researcher 代码注入漏洞
GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic as a personal development tool. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability, which stems from improper handling of the backend/server/app.py file. This vulnerability may lead to...
Directory Traversal
Overview tiny-scientist is an A lightweight framework for building research agents Affected versions of this package are vulnerable to Directory Traversal via the reviewpaper function in the backend/app.py file. An attacker can access arbitrary PDF files on the server by supplying crafted file...
CVE-2025-55149 Path Traversal Vulnerability in PDF Review Function (CWE-22)
Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the reviewpaper function in backend/app.py. The...